US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. In December, threat actors affiliated with the Clop ransomware gang began exploiting vulnerabilities in Accellion FTA servers used by organizations to share sensitive files with people outside of their organization. On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server. READ MORE...
Recent service disruptions at the Pan-American Life Insurance Group (PALIG) were likely caused by a cyberattack conducted by a threat actor known for using the REvil ransomware. New Orleans-based PALIG provides life, accident and health insurance services across the Americas. The group has more than 20 member companies and employs roughly 2,000 people worldwide. The official website of PALIG (palig.com) currently only displays some contact information and the following message. READ MORE...
An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta-area medical clinics. Robert Purbeck - who used the online aliases Lifelock and Studmaster - was indicted Tuesday by a federal grand jury in Georgia, according to a news release from the U.S. attorney's office in Atlanta. He is charged with computer fraud and abuse, access device fraud and wire fraud. READ MORE...
The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far. READ MORE...
In brief: Another form of malware installed on servers compromised through SolarWinds' Orion management software has been spotted in the wild. The malware strain, identified as SUNSHUTTLE by researchers at security firm FireEye, is a backdoor written in Go that uses HTTPS to communicate with a command-and-control server for data exfiltration and can fetch new code as needed. Someone based in the US uploaded the malware to a public malware repository in August last year, well before the attack was disclosed. READ MORE...
Unpatched network-attached storage (NAS) devices are being targeted in ongoing attacks in which the attackers take them over and install cryptomining malware. The threat actors exploit two pre-auth remote command execution (RCE) vulnerabilities in the QNAP Helpdesk app that QNAP patched in October 2020; devices still running a Helpdesk build older than that fix remain exposed. The cryptomining malware found on NAS devices compromised during this campaign was named UnityMiner by researchers at Qihoo 360's Network Security Research Lab (360 Netlab). READ MORE...
Police in Barcelona have arrested four hackers suspected of being behind a large criminal scheme that targeted tens of thousands of victims with malicious links impersonating banks in order to steal victims' credentials and money. In the raid, which took place March 2, police seized laptops, cash, documents and high-end mobile devices, the Criminal Investigation Division of the Barcelona Metropolitan Police Region said in an announcement. READ MORE...
The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently detected "Hafnium" attack on Exchange Server, which Microsoft says originated in China. Microsoft revealed the attack last week and released Exchange security updates. The Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory urging operators of on-premises Exchange environments to apply the updates and check for compromise. READ MORE...
The REvil ransomware operation announced this week that it is using DDoS attacks and voice calls to journalists and victims' business partners to pressure victims into paying ransoms. The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) in which the ransomware operators develop the malware and payment site, and affiliates (known as "adverts") compromise corporate networks to deploy the ransomware. READ MORE...
The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. In a message to students and staff yesterday afternoon, the institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" - including its Brightspace virtual learning environment - were affected. "We are currently working to isolate and minimise impact from this incident with assistance from external partners." READ MORE...